Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Api Connect Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2018-1469

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.

9.8CVSS

9.1AI Score

0.001EPSS

2018-04-04 06:29 PM
22
cve
cve

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.

9.9CVSS

8.9AI Score

0.001EPSS

2018-08-16 07:29 PM
25
cve
cve

CVE-2018-1784

IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.

9.8CVSS

9.1AI Score

0.002EPSS

2018-12-20 02:29 PM
34
cve
cve

CVE-2018-1789

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

9.9CVSS

8.8AI Score

0.001EPSS

2018-09-07 04:00 PM
32
cve
cve

CVE-2019-4008

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.

9.8CVSS

8.8AI Score

0.006EPSS

2019-02-07 04:00 PM
25
cve
cve

CVE-2019-4155

IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.

9.8CVSS

9.1AI Score

0.005EPSS

2019-04-08 03:29 PM
33
cve
cve

CVE-2019-4203

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124.

9.8CVSS

8.9AI Score

0.007EPSS

2019-04-15 03:29 PM
51
cve
cve

CVE-2020-4899

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.

9.1CVSS

8.8AI Score

0.001EPSS

2021-01-05 03:15 PM
25
3
cve
cve

CVE-2021-29715

IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to obtain sensitive information or conduct denial of serivce attacks due to open ports. IBM X-Force ID: 201018.

9.1CVSS

8.5AI Score

0.003EPSS

2021-08-26 08:15 PM
31
2
cve
cve

CVE-2021-29772

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.

9.8CVSS

8.9AI Score

0.002EPSS

2021-08-26 08:15 PM
29